Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Temporary DOS After Liquidation Execution

mohitisimmortal

Summary

After a liquidation event, the protocol’s afterLiquidationExecution() function sets depositPaused = true and does not automatically reset it. Although the owner can later unpause deposits via setDepositPaused(), this creates a temporary DoS condition for deposits during market extremes. Such conditions are precisely when new deposits could help capture market opportunities, leaving users reliant on owner intervention to resume deposits.

Vulnerability Details

After gmx makes a liquidation then protocol’s afterLiquidationExecution() function sets depositPaused = true but never sets it to false(not in any next actions too).

function afterLiquidationExecution() external {

if (msg.sender != address(gmxProxy)) {

revert Error.InvalidCall();

}

@> depositPaused = true;

uint256 sizeInTokens = vaultReader.getPositionSizeInTokens(curPositionKey);

if (sizeInTokens == 0) {

delete curPositionKey;

}

if (flow == FLOW.NONE) {

flow = FLOW.LIQUIDATION;

nextAction.selector = NextActionSelector.FINALIZE;

} else if (flow == FLOW.DEPOSIT) {

flowData = sizeInTokens;

} else if (flow == FLOW.WITHDRAW) {

// restart the withdraw flow even though current step is FINALIZE.

nextAction.selector = NextActionSelector.WITHDRAW_ACTION;

}

In extreme market conditions, liquidations may be frequent. While pausing deposits might be a safety mechanism, it inadvertently creates a state where, after liquidation, new deposits are blocked until the owner intervenes manually. This not only delays the ability to capitalize on market recoveries but also increases centralization risk, as it forces users to depend on the owner’s availability.

Impact

Temporary DOS of deposits.
Centralization: Users lose autonomy as deposit resumption relies solely on the owner's action.
Opportunity Loss: In volatile market conditions, delays in unpausing deposits could result in significant profit opportunities being missed.

Tools Used

Manual Review

Recommendations

Add depositPaused to false in next actions.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Appeal created

mohitisimmortal Submitter

9 months ago

0xl33 Auditor

9 months ago

n0kto Lead Judge

9 months ago

n0kto Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!